Slashdot_Main

Unpatched Exploit Lets You Clone Key Fobs and Open Subaru Cars

4 days 23 hours ago
An anonymous reader writes: Tom Wimmenhove, a Dutch electronics designer, has discovered a flaw in the key fob system used by several Subaru models, a vulnerability the vendor has not patched and could be abused to hijack cars. The issue is that key fobs for some Subaru cars use sequential codes for locking and unlocking the vehicle, and other operations. These codes -- called rolling codes or hopping codes -- should be random, in order to avoid situations when an attacker discovers their sequence and uses the flaw to hijack cars. This is exactly what Wimmenhove did. He created a device that sniffs the code, computes the next rolling code and uses it to unlock cars... The researcher said he reached out to Subaru about his findings. "I did [reach out]. I told them about the vulnerability and shared my code with them," Wimmenhove told BleepingComputer. "They referred me to their 'partnership' page and asked me to fill in a questionnaire. It didn't seem like they really cared and I haven't heard back from them." His Subaru-cracking feat -- documented in a video -- was accomplished using a $25 Raspberry Pi B+ and two dongles, one for wifi ($2) and one for a TV ($8), plus a $1 antenna and a $1 MCX-to-SMA converter.

Read more of this story at Slashdot.

EditorDavid

In a Cashless World, You'd Better Pray the Power Never Goes Out

5 days ago
schwit1 quotes the Mises Institute: When Hurricane Maria knocked out power in Puerto Rico, residents there realized they were going to need physical cash — and a lot of it. Bloomberg reported that the Fed was forced to fly a planeload of cash to the Island to help avert disaster. "William Dudley, the New York Fed president, put the word out within minutes, and ultimately a jet loaded with an undisclosed amount of cash landed on the stricken island. [Business executives in Puerto Rico] described corporate clients' urgent requests for hundreds of thousands in cash to meet payrolls, and the challenge of finding enough armored cars to satisfy endless demand at ATMs... As early as the day after the storm, the Fed began working to get money onto the island." For a time, unless one had a hoard of cash stored up in one's home, it was impossible to get cash at all. 85 percent of Puerto Rico is still without power... Bloomberg continues: "When some generator-powered ATMs finally opened, lines stretched hours long, with people camping out in beach chairs and holding umbrellas against the sun." In an earlier article from September 25, Bloomberg noted how, without cash, necessities were simply unavailable: "Cash only," said Abraham Lebron, the store manager standing guard at Supermax, a supermarket in San Juan's Plaza de las Armas. He was in a well-policed area, but admitted feeling like a sitting duck with so many bills on hand. "The system is down, so we can't process the cards. It's tough, but one finds a way to make it work."

EditorDavid

Microsoft Edge Beats Chrome and Firefox in Malware-Blocking Tests

5 days 2 hours ago
An anonymous reader quotes Computerworld: Microsoft's Edge easily beat rival browsers from Google and Mozilla in third-party tests of the behind-the-scenes services which power anti-malware warnings and malicious website-blocking... NSS Labs says Windows 10's default browser is better at blocking phishing and socially-engineered malware attacks than Google Chrome or Mozilla Firefox... According to NSS Labs of Austin, Texas, Edge automatically blocked 92% of all in-browser credential phishing attempts and stymied 100% of all socially-engineered malware (SEM) attacks. The latter encompassed a wide range of attacks, but their common characteristic was that they tried to trick users into downloading malicious code. The tactics that SEM attackers deploy include links from social media, such as Facebook and Twitter, and bogus in-browser notifications of computer infections or other problems. Edge bested Chrome and Firefox by decisive margins. For instance, Chrome blocked 74% of all phishing attacks, and 88% of SEM attacks. Meanwhile, Firefox came in third in both tests, stopping just 61% of the phishing attacks and 70% of all SEM attempts... Both Chrome and Mozilla's Firefox rely on the Safe Browsing API (application programming interface), but historically, Mozilla's implementation has performed poorly compared to Google's. No shock: Google created the API. Edge also took top prize in blocking attacks from the get-go. In NSS's SEM attack testing, for example, the Microsoft browser stopped nearly every attempt from the first moments a new attack was detected. Chrome and Firefox, on the other hand, halted 75% and 54% of the brand-new attacks, respectively. Over a week's time, Chrome and Firefox improved their blocking scores, although neither reached Edge's impressive 99.8%. The researchers spent three weeks continuously monitoring the browsers on Windows 10 computers.
But in the real world, Edge runs on just 5% of all personal computers, while Firefox runs on 13% and Chrome on 60%.

EditorDavid

SUSE Shares Linux-Themed Music Video Parodies

5 days 6 hours ago
Long-time Slashdot reader troublemaker_23 quotes ITWire: German Linux company SUSE Linux is well-known for its Linux and other open source solutions. It is also known for producing videos for geeks and debuting them at its annual SUSECon conference. This year, in Prague, was no different. The company, which marked its 25th year on 2 September, came up with two videos, one to mark the occasion and the other all about Linux and open source. Both videos are parodies of well-known songs: the video Linus Said is based on "Momma Said", while 25 Years is a parody of "7 Years". Some of the lyrics in both SUSE videos would be meaningless to the average person -- but every word will ring a bell, sometimes a very poignant one, with geeks. And that's the primary audience it targets. The article embeds both videos -- and also links to the music videos they're parodying. And it includes links to SUSE's two previous annual music video parodies -- Uptime Funk (based on Bruno Mars' blockbuster hit "Uptown Funk"), and Can't Stop the SUSE, a parody of Justin Timberlake's "Can't Stop the Feeling".

EditorDavid

Ask Slashdot: How Can You Apply For A Job When Your Code Samples Suck?

5 days 10 hours ago
An anonymous Slashdot reader ran into a problem when looking for a new employer: Most ask for links to "recent work" but the reason I'm leaving my current job is because this company doesn't produce good code. After years of trying to force them to change, they have refused to change any of their poor practices, because the CTO is a narcissist and doesn't recognize that so much is wrong. I have written good code for this company. The problem is it is mostly back-end code where I was afforded some freedom, but the front-end is still a complete mess that doesn't reflect any coherent coding practice whatsoever... I am giving up on fixing this company but finding it hard to exemplify my work when it is hidden behind some of the worst front-end code I have ever seen. Most job applications ask for links to live code, not for code samples (which I would more easily be able to supply). Some of the websites look okay on the surface, but are one right click -> inspect element away from giving away the mess; most of the projects require a username and password to login as well but account registration is not open. So how do I reference my recent work when all of my recent work is embarrassing on the front-end? The original submission's title asked what to use for work samples "when the CTO has butchered all my work." Any suggestions? Leave your best thoughts in the comments. How can you apply for a job when your code samples suck?

EditorDavid

Cord-Cutters Drive Cable TV Subscribers to a 17-Year Low

5 days 12 hours ago
An anonymous reader quotes the Washington Post: On Wednesday, AT&T told regulators that it expects to finish the quarter with about 90,000 fewer TV subscribers than it began with. AT&T blamed a number of issues, including hurricane damage to infrastructure, rising credit standards and competition from rivals. The report also shows AT&T lost more traditional TV customers than it gained back through its online video app, DirecTV Now. And analysts are suggesting that that's evidence that cord-cutting is the main culprit... "DirecTV, like all of its cable peers, is suffering from the ravages of cord-cutting," said industry analyst Craig Moffett in a research note this week. Moffett added that while nobody expected AT&T's pay-TV numbers to look good, hardly anyone could have predicted they would look "this bad." The outlook doesn't look much healthier for the rest of the television industry. Over the past year, cable and satellite firms have collectively lost nearly 3 million customers, according to estimates by market analysts at SNL Kagan and New Street Research. The number of households with traditional TV service is hovering at about the level it was in 2000, according to New Street's Jonathan Chaplin, in a study last week. Other analysts predict that, after factoring in AT&T's newly disclosed losses, the industry will have lost 1 million traditional TV subscribers by the end of this quarter.

EditorDavid

Not Just Equifax. Rival Site Transunion Served Malware Too -- and 1,000 More Sites

5 days 14 hours ago
An anonymous reader quotes Ars Technica: Equifax isn't the only credit-reporting behemoth with a website redirecting visitors to fake Adobe Flash updates. A security researcher from AV provider Malwarebytes said transunioncentroamerica.com, a TransUnion site serving people in Central America, [was] also sending visitors to the fraudulent updates and other types of malicious pages... Malwarebytes security researcher Jerome Segura says he was able to repeatedly reproduce a similar chain of fraudulent redirects when he pointed his browser to the transunioncentroamerica.com site. On some occasions, the final link in the chain would push a fake Flash update. In other cases, it delivered an exploit kit that tried to infect computers with unpatched browsers or browser plugins... "This is not something users want to have," Segura told Ars... Equifax on Thursday was quick to say that its systems were never compromised in the attacks. TransUnion said much the same thing. This is an important distinction in some respects because it means that the redirections weren't the result of attackers having access to restricted parts of either company's networks. At the same time, the incidents show that visitors to both sites remain much more vulnerable to malicious content than they should be. Both sites hosted fireclick.js, an old script from a small web analytics company which pulls pages from sites like Akamai, SiteStats.info, and Ostats.net. "It appears that attackers have compromised the third-party library," writes BankInfoSecurity, adding that Malwarebytes estimates over 1,000 more sites are using the same library.

EditorDavid

8.5-Ton Chinese Space Station Will Crash To Earth In a Few Months

5 days 15 hours ago
dryriver writes: China launched a space laboratory named Tiangong 1 into orbit in 2011. The space laboratory was supposed to become a symbol of China's ambitious bid to become a space superpower. After two years in space, Tiangong 1 started experiencing technical failure. Last year Chinese officials confirmed that the space laboratory had to be scrapped. The 8.5-ton space laboratory has begun its descent towards Earth and is expected to crash back to Earth within the next few months. Most of the laboratory is expected to burn up in earth's atmosphere, but experts believe that pieces as heavy as 100 kilograms (220 pounds) may survive re-entry and impact earth's surface. Nobody will be able to predict with any precision where those chunks of space laboratory will land on Earth until a few hours before re-entry occurs. The chance that anyone would be harmed by Tiangong-1's debris is considered unlikely. When NASA's SkyLab fell to earth in 1979, an Australian town fined them $400 -- for littering.

EditorDavid

Ransomware Sales On the Dark Web Spike 2,502% In 2017

5 days 16 hours ago
Slashdot reader rmurph04 writes: Ransomware is a $6.2 million industry, based on sales generated from a network of more than 6,300 Dark Web marketplaces that sell over 45,000 products, according to a report released Wednesday by cybersecurity firm Carbon Black. While the authors of the software are earning six-figure incomes, ransom payments totalled $1 billion in 2016, according to FBI estimates -- up from just $24 million in 2015. Carbon Black, which was founded by former U.S. government "offensive security hackers," argues that ransomware's growth has been aided by "the emergence of Bitcoin for ransom payment, and the anonymity network, Tor, to mask illicit activities... Bitcoin allows money to be transferred in a way that makes it nearly impossible for law enforcement to 'follow the money.'"

EditorDavid

What Will Replace Computer Keyboards?

5 days 17 hours ago
jeffengel writes: Computer keyboards will be phased out over the next 20 years, and we should think carefully about what replaces them as the dominant mode of communicating with machines, argues Android co-founder Rich Miner. Virtual reality technology and brain-computer links -- whose advocates include Elon Musk -- could lead to a "dystopian" future where people live their lives inside of goggles, or they jack directly into computers and become completely "de-personalized," Miner worries. He takes a more "humanistic" view of the future of human-machine interfaces, one that frees us to be more expressive and requires computers to communicate on our level, not the other way around. That means software that can understand our speech, facial expressions, gestures, and handwriting. These technologies already exist, but have a lot of room for improvement. One example he gives is holding up your hand to pause a video.

EditorDavid

How Open Source Software Helps The Federal Reserve Bank of New York

5 days 18 hours ago
Long-time Slashdot reader Esther Schindler quotes Hewlett Packard Enterprise: When you handle trillions of dollars a year in transactions and manage the largest known vault of gold in the world, security and efficiency are top priorities. Open source reusable software components are key to the New York Fed's successful operation, explains Colin Wynd, vice president and head of the bank's Common Service Organization... The nearly 2,000 developers across the Federal Reserve System used to have a disparate set of developer tools. Now, they benefit from a standard toolset and architecture, which also places limits on which applications the bank will consider using. "We don't want a third-party application that isn't compatible with our common architecture," said Wynd. One less obvious advantage to open source adoption is in career satisfaction and advancement. It gives developers opportunities to work on more interesting applications, said Wynd. Developers can now take on projects or switch jobs more easily across Federal Reserve banks because the New York Fed uses a lot of common open source components and a standard tool set, meaning retraining is minimal if needed at all. Providing training in-house also creates a more consistent use of best practices. "Our biggest headache is to prove to groups that an application is secure, because we have to defend against nation state attacks."

EditorDavid

Startup Plans To Clean Up Cigarette Butts Using Crows

5 days 19 hours ago
AmiMoJo writes: A startup in the Netherlands is developing the "Crowbar," a bird feeder that takes discarded cigarette butts as payment for dispensing food. A camera recognises cigarette filters and rejects any other objects placed in the Crowbar. The idea isn't entirely original; a gentleman in the US has already built a similar device and trained crows to deposit coins. The hope is that crows will be able to keep cities clean, sort through refuse and perform other tasks for our mutual benefit. Popular Mechanics notes that crows "are some of the smartest animals in the world," suggesting this means "we could harness their abilities for the greater good of our planet."

EditorDavid

Microsoft Employees Can Now Work In Treehouses

5 days 20 hours ago
Microsoft's campus now features three outdoor treehouses for its employees. An anonymous reader quotes CNBC: More than 12 feet off the ground, the treehouses feature charred-wood walls, skylights, at least one gas fireplace, Wi-Fi and hidden electrical outlets. Employees can even grab a bite at an outdoor extension of the indoor cafeteria. The "more Hobbit than HQ" treehouses are designed by Pete Nelson of the TV show "Treehouse Masters" and are part of Microsoft's growing "outdoor districts..." The company touts the professional benefits of working in nature -- greater creativity, focus and happiness -- but honestly, the treehouses are just plain cool. Microsoft touts a Harvard physician who believes nature "stimulates reward neurons in your brain. It turns off the stress response, which means you have lower cortisol levels, lower heart rate and blood pressure, and improved immune response." There's a short video on the "Working at Microsoft" channel on YouTube, but I'm curious what Slashdot readers think about working outdoors. Or, in a tree...

EditorDavid

Dutch Police Build a Pokemon Go-Style App For Hunting Wanted Criminals

5 days 21 hours ago
"How can the police induce citizens to help investigate crime? By trying to make it 'cool' and turning it into a game that awards points for hits," reports CSO. mrwireless writes: Through their 'police of the future' innovation initiative, and inspired by Pokemon Go, the Dutch police are building an app where you can score points by photographing the license plates of stolen cars. When a car is reported stolen the app will notify people in the neighbourhood, and then the game is on! Privacy activists are worried this creates a whole new relationship with the police, as a deputization of citizens blurs boundaries, and institutionalizes 'coveillance' -- citizens spying on citizens. It could be a slippery slope to situations that more resemble the Stasi regime's, which famously used this form of neighborly surveillance as its preferred method of control. CSO cites Spiegel Online's description of the unofficial 189,000 Stasi informants as "totally normal citizens of East Germany who betrayed others: neighbors reporting on neighbors, schoolchildren informing on classmates, university students passing along information on other students, managers spying on employees and Communist bosses denouncing party members." The Dutch police are also building another app that allows citizens to search for missing persons.

EditorDavid

Toshiba's Fast-Charging Battery Could Triple the Range of Electric Vehicles

5 days 22 hours ago
Big Hairy Ian quotes New Atlas: A key focus of electric vehicle (EV) makers is maximizing the range users can get from each charge, and for that reason new battery technologies are poised to play a huge part in driving their adoption. Toshiba has developed a new fast-charging battery it claims could allow EVs to travel three times as far as they do now, and then be fully recharged again in a matter of minutes. Toshiba's SCiB (Super Charge ion Battery) has been around in various forms since 2007, with its chief claim to fame an ability to charge to 90 percent of capacity in just five minutes. It also boasts a life-span of 10 years and high levels of safety, and has found its way into a number of notable EVs, including Mitsubishi's i MiEV and Honda's Fit EV. The current SCiB uses lithium titanium oxide as its anode, but Toshiba says it has now come up with a better way of doing things. The next-generation SCiB uses a new material for the anode called titanium niobium oxide, which Toshiba was able to arrange into a crystal structure that can store lithium ions more efficiently. So much so, that the energy density has been doubled. Toshiba calls the battery "a game changing advance that will make a significant difference to the range and performance of EV," and hopes to put it "into practical application" in 2019.

EditorDavid

Tesla Just Fired Hundreds Of Workers

5 days 23 hours ago
An anonymous reader quotes the Bay Area Newsgroup: Tesla fired hundreds of workers this week, including engineers, managers and factory workers, even as the company struggles to expand its manufacturing and product line... The company said this week's dismissals were the result of a company-wide annual review, and insisted they were not layoffs. Some workers received promotions and bonuses, and the company expects to hire for the "vast majority" of new vacancies, a spokesman said. "As with any company, especially one of over 33,000 employees, performance reviews also occasionally result in employee departures," a spokesman said. "Tesla is continuing to grow and hire new employees around the world." "Tesla has a hearing before the National Labor Relations Board in November for charges that company supervisors and security guards harassed workers distributing union literature," reports the Bay Area Newsgroup, adding that "Openly pro-union workers were among those fired this week. Some believe they were targeted." Tesla denies this, and says that they've generally boosted morale this week -- by rewarding higher-performing employees.

EditorDavid

Russia Reportedly Used Pokemon Go In an Effort To Inflame Racial Tensions

6 days 1 hour ago
An anonymous reader quotes a report from The Verge: Russia's far-ranging campaign to promote dissension in the United States reportedly included an effort to weaponize Pokemon Go. CNN reported that in July 2016, a Tumblr page linked to Russia's now-notorious Internet Research Agency promoted a contest encouraging people sympathetic to the Black Lives Matter movement to play the game near famous sites of police brutality. Players were told to change their characters' names to the victims of those incidents -- an apparent effort to inflame racial tensions. The Tumblr page was linked to Do Not Shoot Us, a multi-platform campaign designed to mimic aspects of Black Lives Matter. (As CNN notes, the name plays on "hands up, don't shoot," one of the movement's slogans.) Do Not Shoot Us included a website, donotshoot.us, along with related pages on Facebook, Instagram, Twitter, and YouTube. The Facebook page was one of 470 pages that were removed after the company determined that it was linked to Russian groups attempting to interfere in US politics.

BeauHD

Google Slashes Prices of Its USB-C Headphone Dongle Following Minor Outrage

6 days 4 hours ago
At its hardware event last week, Google unveiled its two new flagship smartphones: the Pixel 2 and Pixel 2 XL. While these devices feature high-end specifications and the latest version of Android, they both lack headphone jacks, upsetting many consumers who still rely heavily on wired headphones. To add insult to injury, Google announced a USB-C adapter for a whopping price of $20 -- that's $11 more than Apple's Lightning to 3.5mm adapter. This resulted in some minor outrage and caused Google to rethink its decision(s). As reported by 9to5Google, Google decided to slash the price of the dongle by over 50%. It is now priced at a more reasonable $9.

BeauHD

Microwave Tech Could Produce 40TB Hard Drives In the Near Future

6 days 7 hours ago
Western Digital has announced a potential game changer that promises to expand the limits of traditional HDDs to up to 40TBs using a microwave-based write head, and the company says it will be able to the public in 2019. Gizmodo reports: Western Digital's new approach, microwave-assisted magnetic recording (MAMR), can utilize the company's existing production chain to cram a lot more storage onto a 3.5-inch disk. In a technical overview, Western Digital says it has managed to overcome the biggest issue with traditional HDD drive storage -- the size of the write head. These days, an average hard drive maxes out in the 10-14TB range. But by integrating a new write head, "a spin torque oscillator," microwaves can create the energy levels necessary for copying data within a lower magnetic field than was ever previously possible. There's a more thorough white paper for those who want to dive in. According to Western Digital, MAMR has "the capability to extend areal density gains up to 4 Terabits per square inch." By the year 2025, it hopes to be packing 40TBs into the same size drive it offers today.

BeauHD

Magic Mushrooms 'Reboot' Brain In Depressed People, Study Suggests

6 days 10 hours ago
An anonymous reader quotes a report from The Guardian: Magic mushrooms may effectively "reset" the activity of key brain circuits known to play a role in depression, the latest study to highlight the therapeutic benefits of psychedelics suggests. Psychedelics have shown promising results in the treatment of depression and addictions in a number of clinical trials over the last decade. Imperial College London researchers used psilocybin -- the psychoactive compound that occurs naturally in magic mushrooms -- to treat a small number of patients with depression, monitoring their brain function, before and after. Images of patients' brains revealed changes in brain activity that were associated with marked and lasting reductions in depressive symptoms and participants in the trial reported benefits lasting up to five weeks after treatment. Dr Robin Carhart-Harris, head of psychedelic research at Imperial, who led the study, said: "We have shown for the first time clear changes in brain activity in depressed people treated with psilocybin after failing to respond to conventional treatments. Several of our patients described feeling 'reset' after the treatment and often used computer analogies. For example, one said he felt like his brain had been 'defragged' like a computer hard drive, and another said he felt 'rebooted.' Psilocybin may be giving these individuals the temporary 'kick start' they need to break out of their depressive states and these imaging results do tentatively support a 'reset' analogy. Similar brain effects to these have been seen with electroconvulsive therapy." The study has been published in Scientific Reports.

BeauHD
News for nerds, stuff that matters